CVE-2020-0601

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-0601

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0601.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-0601

Aliases

Downstream

BELL-CVE-2020-0601

Published

2020-01-14T23:15:30.207Z

Modified

2026-04-11T20:27:47.598504Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type

GIT

Repo

https://github.com/golang/go

Events

Introduced

05e77d41914d247a1e7caf37d7125ccaa5a53505

Fixed

deac3221fc4cd365fb40d269dd56551e9d354356

Introduced

cc8838d645b2b7026c1f3aaceb011775c5ca3a08

Fixed

7d2473dc81c659fba3f3b83bc6e93ca5fe37a898

Database specific

{
    "cpe": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "1.12"
        },
        {
            "fixed": "1.12.16"
        },
        {
            "introduced": "1.13"
        },
        {
            "fixed": "1.13.7"
        }
    ]
}

Affected versions

go1.*

go1.12

go1.12.1

go1.12.12

go1.12.13

go1.12.14

go1.12.15

go1.12.2

go1.12.3

go1.12.4

go1.12.5

go1.12.6

go1.12.7

go1.12.9

go1.13

go1.13.3

go1.13.4

go1.13.5

go1.13.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0601.json"